DDoS Archive

A 17-year old boy from Idaho has been accused of paying a hacker to launch DDoS attacks against his school district.

The teen reportedly hired a third party to organise a week’s worth of distributed denial-of-service campaigns this month against the West Ada school district – the largest educational district in the state. The cyberattacks affected networks at all 52 schools including payroll, online textbooks, virtual teaching and standardised testing.

DDoS attacks coordinate computers around the world to overwhelm a server and cripple its processing ability. The ‘service’ is readily available for hire online for a surprisingly low cost – a brief browse discovered a bargain deal at $260/week.

The district’s IT staff managed to trace the IP address to a 17-year-old at Eagle High School. Another student at middle school level is also allegedly under investigation for a similar attack shortly afterward.

At the time of the hacking many students were undertaking Idaho Standard Achievement Testing online. The DDoS attacks caused the school systems to lose the test and results data and students were required to re-sit their exams multiple times.

According to a report by KTVB-TV News, the teen has been arrested and may face State and Federal computer crime felony charges. If the unnamed student is found guilty he is likely to have to serve up to 180 days in juvenile prison. The suspect has also been suspended from Eagle High and risks potential expulsion.

The minor’s parents are being held financially responsible for the damage caused by the attacks.

This is not the first time a teen has attempted to bring down their school system. In April this year, a 14-year-old in Florida managed to sidestep his middle school’s IT security using just his computer skills to access the main server and locate files containing data from FCAT, Florida’s standardised comprehensive assessments.

Source: http://thestack.com/teen-hires-hacker-ddos-attack-school-district-260515

Think back to when you were a kid. No matter how well-adjusted and even-tempered you were (or weren’t) there was at least one other kid you just could not stand. You hated his face, his hair, his teeth, the way he talked, the way he looked at you, and the way he just existed. Remember the way he’d eat his sandwiches? He ate his sandwiches like a jerk.

Chances are, though, that no matter how much you couldn’t stand him, you didn’t go marching over to throw a dozen eggs at his house. The chances of getting caught were too high. You’d get in trouble. Everyone would know you did it and your parents would be mortified. But what if there had been a machine you could have secretly put a dollar in from several blocks away, and it would have rolled up in front of that kid’s house and started firing eggs? All that mess and damage, with none of your fingerprints on the eggshells. It would have been a strong consideration, right?

That business model all grown-up is how a group of people running services called Booters or Stressers are making a pretty sweet little profit offering DDoS attacks for hire.

DDoS and Booter Basics

DDoS is the acronym for a distributed denial of service attack, which is so named because it denies the use of a website and its services to legitimate users by suspending or disrupting the services of an internet-connected host. Booter services — which is a term that can be used interchangeably with Stresser services — offer DDoS attacks to anyone willing to pay for them.

With a Booter, users typically pay a fee and are given access to a user-friendly platform from which they can choose their target and get to DDoS-ing.

To give you an example of the cost-friendliness of this lovely service, one sample Booter charges $40 USD/month (£25) for an unlimited number of DDoS attacks lasting one hour.

What DDoS Can Do

The main area where the egg-firing machine analogy falls apart is in the potential damage. Even with a super-powerful egging machine, the worst possible damage is probably a broken window.

But a DDoS attack? One hour of a DDoS attack can cost an organization $40,000 (£25,000). That’s not even mentioning the software or hardware damage that can be done, the IP theft, financial data theft, loss of revenue and loss of consumer trust that can happen.

In order to inflict damage, a would-be DDoS attacker with access to a Booter service doesn’t even have to unleash the attack. DDoS ransom notes where someone demands a set amount of money in exchange for not hitting that website with a DDoS attack are becoming increasingly common.

Who Does That?

DDoS attacks are wildly common, and Booter services are popular enough that there are plenty of them online, with their numbers always growing. That raises the question: who is it that’s using these websites?

The answer is depressing because your website could potentially be made a target by just about anyone. Business rivals are an obvious choice, but when you factor in the chance to make fast money from a DDoS ransom note, your potential attacker net widens considerably. Kids who don’t know who you are and have never visited your website before might be keying your URL into a Booter.

While many Booter-for-hire users are unsurprisingly gamers who pay the Booter fee in order to DDoS Minecraft servers and similar websites, there have been some high profile attacks from the people behind these services.

The Lizard Squad, famous for its attacks on Sony Playstation Network and Microsoft’s Xbox Live, claimed those major attacks were simply advertisements for their Booter service.

Could a Booter Get to Your Website?

DDoS attacks have been found to affect 45 per cent of organizations — that’s very nearly 1 in 2. And with Booter services and DDoS ransom notes gaining popularity, that number could very well rise.

If you’re considering whether or not you should look into professional DDoS mitigation, and you haven’t yet decided that you absolutely should, consider this: you could pay for months of DDoS protection with what you might end up paying in a single ransom.

It isn’t nice to think that your website could fall victim to a DDoS attack. It’s even worse to think that the attack might come from someone hiding behind a Booter.

While you ultimately may not have plugged a dollar into that egging machine due to your own principles, there are plenty of people out there who don’t mind being cowardly in order to unleash a DDoS attack or make a quick buck on a ransom note. That’s the reality your website is living in.

Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.

Source: http://betanews.com/2015/05/25/ddos-for-hire-services-what-you-need-to-know/

The University of London Computer Centre fell victim to a cyber-attack on Thursday.

The assault left Moodle – an open-source learning platform – out of action for several hours on Thursday morning before normal service was restored.

Technicians initially estimated problems were down to firewall configuration issues, before realising actual humans were behind the problem, as status messages on the ULCC website explain.

All our services are now up and running again! The networking issue was caused by a cyber-attack.

We have taken action to block the source. An incident report will be produced and shared in due course.

George Anderson, director at security software firm Webroot, said that the timing of the attack just before students sit their finals is unlikely to be a coincidence.

“This attack was clearly implemented to have maximum impact on a system that would have been at peak usage around exam time,” Anderson said.

“While it’s positive to see that staff at ULCC have got the system back up and running, over four hours of ‘complete shutdown’ is not an acceptable time-period in most business cases.”

“Hopefully, this case will serve as a warning to other organisations, encouraging them to ensure that they have an effective strategy in place to make sure user experience is impacted as little as possible,” he added.

Source: http://www.theregister.co.uk/2015/05/22/university_of_london_ddos_attack/

Financial services firms take an average of 98 days to detect advanced cyber threats, while retailers take a whopping 197 days, according to a new Ponemon Institute Survey sponsored by security software provider Arbor Networks.

Moreover, 58 per cent of financial services firms and 71 per cent of retail organisations said that they were not optimistic about their ability to improve these results in the coming year.

These timescales are alarming, particularly with 83 per cent of financial services firms and 44 per cent of retail firms experiencing more than 50 attacks per month.

Dr Larry Ponemon, chairman and founder of the Ponemon Institute, said: “The time to detect an advanced threat is far too long; attackers are getting in and staying long enough that the damage caused is often irreparable.”

The survey asked how organisations managed advanced threats and distributed denial of services (DDoS) attacks targeting their infrastructure, and how effective (or not) their IT investments are, among other details.

It found that 45 per cent of financial services firms and 34 per cent of retailers had implemented incident response procedures to contain advanced threats, while 43 per cent of financial services firms and 17 per cent of retailers say that they have established threat sharing with other companies or government entities.

There is a similar divide between the industries when looking at DDoS attacks – where 45 per cent of financial services firms have established threat sharing with other companies or government entities to minimise or contain the impact of DDoS attacks, compared to only 13 per cent of retailers.

This suggests that retailers are less willing to share information about threats with others, which could be a reason why it takes them 99 days longer to identify a cyber threat than their financial services counterparts.

In fact, financial services firms are more confident that they can contain DDoS attacks (48 per cent said they ‘strongly agree’ or ‘agree’ that they can contain them), compared to retail firms (39 per cent ‘strongly agree’ or ‘agree’).

The Ponemon Institute surveyed 844 IT and IT security practitioners from financial services organisations, and 675 from retail firms. The practitioners were from North America, and 14 countries in Europe, Middle East and Africa (EMEA).

Source: http://www.computing.co.uk/ctg/news/2409602/financial-services-firms-take-98-days-to-detect-cyber-threats-retailers-take-197-days

Most DDoS defence solutions are missing critical parts of the threat landscape thanks to a lack of proper visibility.

Online organisations need to take a closer look at the problem of business disruption resulting from the external DDoS attacks that every organisation is unavoidably exposed to when they connect to an unsecured or ‘raw’ Internet feed. Key components of any realistic DDoS defense strategy are proper visualisation and analytics into these security events.

DDoS event data allows security teams to see all threat vectors associated with an attack – even complex hybrid attacks that are well disguised in order to achieve the goal of data exfiltration.

Unfortunately, many legacy DDoS defense solutions are not focused on providing visibility into all layers of an attack and are strictly tasked with looking for flow peaks on the network. If all you are looking for is anomalous bandwidth spikes, you may be missing critical attack vectors that are seriously compromising your business.

In the face of this new cyber-risk, traditional approaches to network security are proving ineffective. The increase in available Internet bandwidth, widespread access to cyber-attack software tools and ‘dark web’ services for hire, has led to a rapid evolution of increasingly sophisticated DDoS techniques used by cyber criminals to disrupt and exploit businesses around the world.

DDoS as a diversionary tactic

Today, DDoS attack techniques are more commonly employed by attackers to do far more than deny service. Attack attempts experienced by Corero’s protected customers in Q4 2014 indicate that short bursts of sub-saturating DDoS attacks are becoming more of the norm.

The recent DDoS Trends and Analysis report indicates that 66% of attack attempts targeting Corero customers were less than 1Gbps in peak bandwidth utilisation, and were under five minutes in duration.

Clearly this level of attack is not a threat to disrupt service for the majority of online entities. And yet the majority of attacks utilising well known DDoS attack vectors fit this profile. So why would a DDoS attack be designed to maintain service availability if ‘Denial of Service’ is the true intent? What’s the point if you aren’t aiming to take an entire IT infrastructure down, or wipe out hosted customers with bogus traffic, or flood service provider environments with massive amounts of malicious traffic?

Unfortunately, the answer is quite alarming. For organisations that don’t take advantage of in-line DDoS protection positioned at the network edge, these partial link-saturation attacks, which arrive in short bursts, enter the network unimpeded and begin overwhelming traditional security infrastructure. In turn, this activity triggers unnecessary logging of DDoS event data, which may crowd out the logging of more important security events and send layers of the security infrastructure into a reboot or fall-back mode.

These attacks are sophisticated enough to leave just enough bandwidth available for other multi-vector attacks to make their way into the network and past weakened security layers undetected. There would be little to no trace of these additional attack vectors infiltrating the compromised network, because the initial DDoS had already done its job: distracting all security resources from performing their intended functions.
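The earlier point about legacy tools that only watch for link-saturating bandwidth spikes, and the short sub-saturating bursts described here, can be shown side by side. The Python below is an added example, not Corero's code or anything from the report: it runs a legacy link-saturation check and a baseline-relative burst detector over a constructed per-second capture containing a 90-second, roughly 600 Mbps reflection burst on a 10 Gbps link. The link size, thresholds, ports and traffic figures are all assumptions.

```python
from collections import deque
from statistics import median
from typing import NamedTuple

class Sample(NamedTuple):
    second: int            # offset from start of capture
    bps: int               # ingress bits per second during that second
    vectors: frozenset     # (proto, dst_port) pairs seen, e.g. ("udp", 123)

def saturation_alarms(samples, link_bps=10_000_000_000, pct=0.8):
    """Legacy flow-peak check: alarm only when ingress nears link capacity."""
    return [s.second for s in samples if s.bps >= link_bps * pct]

def summarise(run):
    """Collapse a flagged run into one event with every vector seen in it."""
    vectors = frozenset().union(*(s.vectors for s in run))
    return {"start": run[0].second, "duration_s": len(run),
            "peak_bps": max(s.bps for s in run), "vectors": sorted(vectors)}

def burst_alarms(samples, window=60, factor=5.0, min_len=5):
    """Flag runs of seconds whose rate exceeds factor x the median of the last
    `window` quiet seconds. Quiet history is frozen while a run is open, so a
    burst cannot raise its own baseline and hide its tail."""
    quiet = deque(maxlen=window)   # recent non-flagged rates (assumed window)
    alarms, run = [], []
    for s in samples:
        baseline = median(quiet) if quiet else None
        if baseline is not None and s.bps > factor * baseline:
            run.append(s)
            continue
        quiet.append(s.bps)
        if len(run) >= min_len:
            alarms.append(summarise(run))
        run = []
    if len(run) >= min_len:
        alarms.append(summarise(run))
    return alarms

def constructed_capture():
    """Constructed input: 120 s of ~50 Mbps web traffic, a 90 s burst of
    ~600 Mbps UDP reflection traffic (far below 10 Gbps), then normal again."""
    normal = frozenset({("tcp", 443), ("tcp", 80)})
    burst = frozenset({("udp", 123), ("udp", 53), ("tcp", 443)})
    out = []
    for t in range(270):
        if 120 <= t < 210:
            out.append(Sample(t, 600_000_000 + (t % 5) * 10_000_000, burst))
        else:
            out.append(Sample(t, 50_000_000 + (t % 7) * 1_000_000, normal))
    return out
```

On this capture the saturation check never fires, while the burst detector reports one 90-second event carrying the UDP/123 and UDP/53 vectors alongside the normal TCP/443 traffic.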

Multi-vector and adaptive DDoS attack techniques are becoming more common

Many equate DDoS with one type of attack vector – volumetric. It is not surprising, as these high bandwidth-consuming attacks are easier to identify, and defend against with on-premises or cloud based anti-DDoS solutions, or a combination of both.

The attack attempts against Corero’s customers in Q4 2014 not only employed brute force multi-vector DDoS attacks, but there was an emerging trend where attackers have implemented more adaptive multi-vector methods to profile the nature of the target network’s security defenses, and subsequently selected a second or third attack designed to circumvent an organisation’s layered protection strategy.

While volumetric attacks remain the most common DDoS attack type targeting Corero customers, combination or adaptive attacks are emerging as a new threat vector.

Empowering security teams with DDoS visibility

As the DDoS threat landscape evolves, so does the role of the security team tasked with protecting against these sophisticated and adaptive attacks. Obtaining clear visibility into the attacks lurking on the network is rapidly becoming a priority for network security professionals. The Internet connected business is now realising the importance of security tools that offer comprehensive visibility from a single analysis console or ‘single pane of glass’ to gain a complete understanding of the DDoS attacks and cyber threats targeting their Internet-facing services.

Dashboards of actionable security intelligence can expose volumetric DDoS attack activity, such as reflection, amplification, and flooding attacks. Additionally, insight into targeted resource exhaustion attacks, low and slow attacks, victim servers, ports, and services as well as malicious IP addresses and botnets is mandatory.

Unfortunately, most attacks of these types typically slide under the radar in DDoS scrubbing lane solutions, or go completely undetected by cloud based DDoS protection services, which rely on coarse sampling of the network perimeter.

Extracting meaningful information from volumes of raw security events has been a virtual impossibility for all but the largest enterprises with dedicated security analysts. Next generation DDoS defense solutions can provide this capability in a turn-key fashion to organisations of all sizes. By combining high-performance in-line DDoS event detection and mitigation capabilities with sophisticated event data analysis in a state-of-the-art big data platform, these solutions can quickly find the needles in the haystack of security events.

With the ability to uncover hidden patterns of data, identify emerging vulnerabilities within the massive streams of DDoS attack and security event data, and respond decisively with countermeasures, next-generation DDoS first line of defense solutions provide security teams with the tools required to better protect their organization against the dynamic DDoS threat landscape.

Source: http://www.information-age.com/technology/security/123459482/how-organisations-can-eliminate-ddos-attack-blind-spot